cverules − Generate version matching rules for installed software on a Linux / Unix distribution
The cverules script will scan the installed distribution packages on your system and attempt to generate version matching rules that can be used by cvechecker.
The script should be used by people interested in contributing to the cvechecker’ success.
The command requires a single option, -r. An example usage pattern is like so:
˜$ cverules −r > output.txt
The generated output.txt file can then be submitted to the cvechecker project, allowing it to improve the versions.dat.
The user should understand that this script attempts to generate matches, but doesn’t guarantee that each and every installed software is detected.
First of all, if a package is already matched by existing rules, the rest of the package’ content isn’t scanned anymore. This is because the tool wants to identify software and versions - once one has been detected, further detection is less useful and very resource consuming.
Second, if a package isn’t detected properly, the script will see if the version based on the distributions’ package version can be found. If it can’t, then it cannot identify the version properly and ignores the package.
Third, if the script does find a match for the version, it tries out a few regular expressions (which have a high probability rate to match the version) but has no intelligence to optimize the expressions. If the tried expressions fail, the script will ignore the package.
cverules is part of the cvechecker tool. cverules was written by Sven Vermeulen <[email protected]>.